This is a discussion on fsockopen in phpmailer and tls within the PHP General forums, part of the PHP Programming Forums category.
I am having a ball of a time trying to figure this one out... If anyone
has dealt with this before I'd love to get some morsels of wisdom from
you...

I am trying to connect to a postfix server I have set up remotely using
smtp auth with tls. The postfix appears to be configured correctly at
this point. I can telnet to port 25 and it will list tls as an option
as the howto describes it should. I try to connect from php and get:

PHP Warning: fsockopen(): SSL operation failed with code 1. OpenSSL
Error messages:
error:1408F10B:SSL routines:func(143):reason(267)
in /opt/scriptsMain/include/class.smtp.php on line 122

I've googled this and someone seems very knowledgeable about it yet
describes the solution in a way that a mere mortal like myself can't
follow. He states in part:

"Look at the error message:
error:1408F10B:SSL routines:func(143):reason(267)

Take the reason code (267) and determine the error:
grep 267 /usr/include/openssl/ssl.h
/usr/include/openssl/ssl.h:#define SSL_R_WRONG_VERSION_NUMBER 267

Now google for SSL_R_WRONG_VERSION_NUMBER..."

..."So in your server method configuration you must put:
SSL_CTX *ctx = SSL_CTX_new (SSLv23_server_method())
to correctly analyse the first client_hello message
instead of
SSL_CTX *ctx = SSL_CTX_new (SSLv3_server_method())
which i suppose you did"

So is he talking about modifying the source code in postfix and
rebuilding it? Have any of you guys dealt with this?...

By the way, when I started out I had a typo in the postfix
config for the path to the certificates for ssl and was getting
the same error message. It wasn't until I saw in the postfix
mail log that it couldn't read the cert. So that was fixed but
I continue to get the same message which I'm now thinking might
be a red herring.

--
Larry Brown <larry.brown@dimensionnetworks.com>
On Thu, 2008-09-04 at 23:20 -0400, Larry Brown wrote:
> I am having a ball of a time trying to figure this one out... If anyone
> has dealt with this before I'd love to get some morsels of wisdom from
> you...
>
> I am trying to connect to a postfix server I have set up remotely using
> smtp auth with tls. The postfix appears to be configured correctly at
> this point. I can telnet to port 25 and it will list tls as an option
> as the howto describes it should. I try to connect from php and get:
>
> PHP Warning: fsockopen(): SSL operation failed with code 1. OpenSSL
> Error messages:
> error:1408F10B:SSL routines:func(143):reason(267)
> in /opt/scriptsMain/include/class.smtp.php on line 122
>
> I've googled this and someone seems very knowledgeable about it yet
> describes the solution in a way that a mere mortal like myself can't
> follow. He states in part:
>
> "Look at the error message:
> error:1408F10B:SSL routines:func(143):reason(267)
>
> Take the reason code (267) and determine the error:
> grep 267 /usr/include/openssl/ssl.h
> /usr/include/openssl/ssl.h:#define SSL_R_WRONG_VERSION_NUMBER 267
>
> Now google for SSL_R_WRONG_VERSION_NUMBER..."
>
> ..."So in your server method configuration you must put:
> SSL_CTX *ctx = SSL_CTX_new (SSLv23_server_method())
> to correctly analyse the first client_hello message
> instead of
> SSL_CTX *ctx = SSL_CTX_new (SSLv3_server_method())
> which i suppose you did"
>
> So is he talking about modifying the source code in postfix and
> rebuilding it? Have any of you guys dealt with this?...
>
> By the way, when I started out I had a typo in the postfix
> config for the path to the certificates for ssl and was getting
> the same error message. It wasn't until I saw in the postfix
> mail log that it couldn't read the cert. So that was fixed but
> I continue to get the same message which I'm now thinking might
> be a red herring.

Possibly a complete waste of your time... but maybe you need to
configure this setting:

smtp_tls_mandatory_protocols

http://www.postfix.org/postconf.5.html

Cheers,
Rob.
--
http://www.interjinn.com
Application and Templating Framework for PHP
On Fri, 2008-09-05 at 00:58 -0400, Robert Cummings wrote:
> On Thu, 2008-09-04 at 23:20 -0400, Larry Brown wrote:
> > I am having a ball of a time trying to figure this one out... If anyone
> > has dealt with this before I'd love to get some morsels of wisdom from
> > you...
> >
> > I am trying to connect to a postfix server I have set up remotely using
> > smtp auth with tls. The postfix appears to be configured correctly at
> > this point. I can telnet to port 25 and it will list tls as an option
> > as the howto describes it should. I try to connect from php and get:
> >
> > PHP Warning: fsockopen(): SSL operation failed with code 1. OpenSSL
> > Error messages:
> > error:1408F10B:SSL routines:func(143):reason(267)
> > in /opt/scriptsMain/include/class.smtp.php on line 122
> >
> > I've googled this and someone seems very knowledgeable about it yet
> > describes the solution in a way that a mere mortal like myself can't
> > follow. He states in part:
> >
> > "Look at the error message:
> > error:1408F10B:SSL routines:func(143):reason(267)
> >
> > Take the reason code (267) and determine the error:
> > grep 267 /usr/include/openssl/ssl.h
> > /usr/include/openssl/ssl.h:#define SSL_R_WRONG_VERSION_NUMBER 267
> >
> > Now google for SSL_R_WRONG_VERSION_NUMBER..."
> >
> > ..."So in your server method configuration you must put:
> > SSL_CTX *ctx = SSL_CTX_new (SSLv23_server_method())
> > to correctly analyse the first client_hello message
> > instead of
> > SSL_CTX *ctx = SSL_CTX_new (SSLv3_server_method())
> > which i suppose you did"
> >
> > So is he talking about modifying the source code in postfix and
> > rebuilding it? Have any of you guys dealt with this?...
> >
> > By the way, when I started out I had a typo in the postfix
> > config for the path to the certificates for ssl and was getting
> > the same error message. It wasn't until I saw in the postfix
> > mail log that it couldn't read the cert. So that was fixed but
> > I continue to get the same message which I'm now thinking might
> > be a red herring.
>
> Possibly a complete waste of your time... but maybe you need to
> configure this setting:
>
> smtp_tls_mandatory_protocols
>
> http://www.postfix.org/postconf.5.html
>
> Cheers,
> Rob.
> --

OK. So I broke down and re-created my mail server due to its age. I am
now running the latest sendmail and it is still failing. The message in
the sendmail log is

"...<remoteMachineIP>] did not issue MAIL/EXPN/VRFY/ETRN during
connection to MTA"

A little research is leading me to believe the client (php client
script) opened the socket but didn't send anything. Now the certificate
that I'm using for the server is a self signed certificate. Evolution
asked if I wanted to accept the certificate when I first connected and I
did. After which it worked fine. Is there a setting I must enable to
accept unknown certificates when a site is first connected to?

Any other ideas?
On Sat, 2008-09-06 at 14:02 -0400, Larry Brown wrote:
>
> OK. So I broke down and re-created my mail server due to its age. I am
> now running the latest sendmail and it is still failing. The message in
> the sendmail log is
>
> "...<remoteMachineIP>] did not issue MAIL/EXPN/VRFY/ETRN during
> connection to MTA"
>
> A little research is leading me to believe the client (php client
> script) opened the socket but didn't send anything. Now the certificate
> that I'm using for the server is a self signed certificate. Evolution
> asked if I wanted to accept the certificate when I first connected and I
> did. After which it worked fine. Is there a setting I must enable to
> accept unknown certificates when a site is first connected to?
>
> Any other ideas?

Sounds like an email client issue and most likely may differ for each
and every one of them.

Cheers,
Rob.
--
http://www.interjinn.com
Application and Templating Framework for PHP
On Sat, 2008-09-06 at 14:06 -0400, Robert Cummings wrote:
> On Sat, 2008-09-06 at 14:02 -0400, Larry Brown wrote:
> >
> > OK. So I broke down and re-created my mail server due to its age. I am
> > now running the latest sendmail and it is still failing. The message in
> > the sendmail log is
> >
> > "...<remoteMachineIP>] did not issue MAIL/EXPN/VRFY/ETRN during
> > connection to MTA"
> >
> > A little research is leading me to believe the client (php client
> > script) opened the socket but didn't send anything. Now the certificate
> > that I'm using for the server is a self signed certificate. Evolution
> > asked if I wanted to accept the certificate when I first connected and I
> > did. After which it worked fine. Is there a setting I must enable to
> > accept unknown certificates when a site is first connected to?
> >
> > Any other ideas?
>
> Sounds like an email client issue and most likely may differ for each
> and every one of them.
>
> Cheers,
> Rob.
> --

I am the email client in this case, which is what I'm trying to figure
out. The script fails with the original string I posted:

"PHP Warning: fsockopen(): SSL operation failed with code 1. OpenSSL
Error messages:
error:1408F10B:SSL routines:func(143):reason(267)
in /opt/scriptsMain/include/class.smtp.php on line 122"

I'm using the smtpmailer class and it is trying to execute fsockopen.
So to simplify troubleshooting I used the following code:

if(fsockopen("tls://<serverName>",25,$errno,$errstr, 30))
{
    echo "Made it!\n";
}
else
{
    echo "Nope!\n";
    echo $errno."\n";
    echo $errstr."\n";
}

I get the above warning from PHP and $errno has 0 as a value and
$errstr is empty.

PHP is v5.2.6 and phpinfo shows that ssl and tls support are both
compiled in.
On Sat, 2008-09-06 at 14:38 -0400, Larry Brown wrote:
> On Sat, 2008-09-06 at 14:06 -0400, Robert Cummings wrote:
> > On Sat, 2008-09-06 at 14:02 -0400, Larry Brown wrote:
> > >
> > > OK. So I broke down and re-created my mail server due to its age. I am
> > > now running the latest sendmail and it is still failing. The message in
> > > the sendmail log is
> > >
> > > "...<remoteMachineIP>] did not issue MAIL/EXPN/VRFY/ETRN during
> > > connection to MTA"
> > >
> > > A little research is leading me to believe the client (php client
> > > script) opened the socket but didn't send anything. Now the certificate
> > > that I'm using for the server is a self signed certificate. Evolution
> > > asked if I wanted to accept the certificate when I first connected and I
> > > did. After which it worked fine. Is there a setting I must enable to
> > > accept unknown certificates when a site is first connected to?
> > >
> > > Any other ideas?
> >
> > Sounds like an email client issue and most likely may differ for each
> > and every one of them.
> >
> > Cheers,
> > Rob.
> > --
>
>
> I am the email client in this case, which is what I'm trying to figure
> out. The script fails with the original string I posted:
>
> "PHP Warning: fsockopen(): SSL operation failed with code 1. OpenSSL
> Error messages:
> error:1408F10B:SSL routines:func(143):reason(267)
> in /opt/scriptsMain/include/class.smtp.php on line 122"
>
> I'm using the smtpmailer class and it is trying to execute fsockopen.
> So to simplify troubleshooting I used the following code:
>
> if(fsockopen("tls://<serverName>",25,$errno,$errstr, 30))
> {
>     echo "Made it!\n";
> }
> else
> {
>     echo "Nope!\n";
>     echo $errno."\n";
>     echo $errstr."\n";
> }
>
> I get the above warning from PHP and $errno has 0 as a value and
> $errstr is empty.
>
> PHP is v5.2.6 and phpinfo shows that ssl and tls support are both
> compiled in.

Ah, I see, I misunderstood when you mentioned Evolution. Sorry, I can't
really help you, you're in foreign territory to me :/

Cheers,
Rob.
--
http://www.interjinn.com
Application and Templating Framework for PHP
On Sat, 2008-09-06 at 14:53 -0400, Robert Cummings wrote:
> On Sat, 2008-09-06 at 14:38 -0400, Larry Brown wrote:
> > On Sat, 2008-09-06 at 14:06 -0400, Robert Cummings wrote:
> > > On Sat, 2008-09-06 at 14:02 -0400, Larry Brown wrote:
> > > >
> > > > OK. So I broke down and re-created my mail server due to its age. I am
> > > > now running the latest sendmail and it is still failing. The message in
> > > > the sendmail log is
> > > >
> > > > "...<remoteMachineIP>] did not issue MAIL/EXPN/VRFY/ETRN during
> > > > connection to MTA"
> > > >
> > > > A little research is leading me to believe the client (php client
> > > > script) opened the socket but didn't send anything. Now the certificate
> > > > that I'm using for the server is a self signed certificate. Evolution
> > > > asked if I wanted to accept the certificate when I first connected and I
> > > > did. After which it worked fine. Is there a setting I must enable to
> > > > accept unknown certificates when a site is first connected to?
> > > >
> > > > Any other ideas?
> > >
> > > Sounds like an email client issue and most likely may differ for each
> > > and every one of them.
> > >
> > > Cheers,
> > > Rob.
> > > --
> >
> >
> > I am the email client in this case, which is what I'm trying to figure
> > out. The script fails with the original string I posted:
> >
> > "PHP Warning: fsockopen(): SSL operation failed with code 1. OpenSSL
> > Error messages:
> > error:1408F10B:SSL routines:func(143):reason(267)
> > in /opt/scriptsMain/include/class.smtp.php on line 122"
> >
> > I'm using the smtpmailer class and it is trying to execute fsockopen.
> > So to simplify troubleshooting I used the following code:
> >
> > if(fsockopen("tls://<serverName>",25,$errno,$errstr, 30))
> > {
> >     echo "Made it!\n";
> > }
> > else
> > {
> >     echo "Nope!\n";
> >     echo $errno."\n";
> >     echo $errstr."\n";
> > }
> >
> > I get the above warning from PHP and $errno has 0 as a value and
> > $errstr is empty.
> >
> > PHP is v5.2.6 and phpinfo shows that ssl and tls support are both
> > compiled in.
>
> Ah, I see, I misunderstood when you mentioned Evolution. Sorry, I can't
> really help you, you're in foreign territory to me :/
>
> Cheers,
> Rob.

For posterity and to thank Robert...

I have determined that the mechanism in PHP does not allow you to
specify tls for a connection that initially starts off as a clear text
connection. When you set up sendmail to use tls for smtp auth it allows
a connecting client to send connection details specifying tls at which
point it will start talking tls. PHP expects the connection to be
dedicated tls. So if you specify in sendmail to use a separate port for
tls and you point PHP to that port it works like a champ.

Thanks to Robert for at least giving it a shot. Hopefully this will be
helpful to the next poor soul...

Larry
Hello,
on 09/05/2008 12:20 AM Larry Brown said the following:
> I am having a ball of a time trying to figure this one out... If anyone
> has dealt with this before I'd love to get some morsels of wisdom from
> you...
>
> I am trying to connect to a postfix server I have set up remotely using
> smtp auth with tls. The postfix appears to be configured correctly at
> this point. I can telnet to port 25 and it will list tls as an option
> as the howto describes it should. I try to connect from php and get:
>
> PHP Warning: fsockopen(): SSL operation failed with code 1. OpenSSL
> Error messages:
> error:1408F10B:SSL routines:func(143):reason(267)
> in /opt/scriptsMain/include/class.smtp.php on line 122

I suspect that you are using the wrong port to send messages via SSL.
The fact that port 25 SMTP connections list TLS as available mode, that
is for starting TLS after the connection was started.

I use this class to send messages via SMTP using SSL to Gmail, but the
port is not 25. You may want to try it to see if it works for your
server. Take a look at the test_smtp_message.php example script.

http://www.phpclasses.org/mimemessage

You also need this for SMTP deliveries:

http://www.phpclasses.org/smtpclass

and this to initiate authentication:

http://www.phpclasses.org/sasl

--

Regards,
Manuel Lemos

Find and post PHP jobs
http://www.phpclasses.org/jobs/

PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/
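
The two connection styles discussed in the last two posts, as an added example that is not code from the thread or from any of the classes it mentions: a port that greets in clear text is upgraded with STARTTLS on the open socket, using PHP's stream functions. The host, port, `client.example` name and CA file path are placeholders, and the helper function names are made up for this sketch.

```php
<?php
// Added example, not code from the thread. Host, port and CA path are placeholders.

// Read one SMTP reply, which may span several lines; returns [code, lines].
function smtp_reply($fp) {
    $lines = [];
    while (($line = fgets($fp, 1024)) !== false) {
        $lines[] = rtrim($line, "\r\n");
        // "250-..." continues the reply; "250 ..." is its last line.
        if (strlen($line) < 4 || $line[3] !== '-') break;
    }
    if (!$lines) throw new RuntimeException('connection closed');
    return [(int) substr($lines[0], 0, 3), $lines];
}

function smtp_cmd($fp, $cmd) {
    fwrite($fp, $cmd . "\r\n");
    return smtp_reply($fp);
}

// Explicit TLS: clear text first (port 25 or 587), then upgrade via STARTTLS.
function smtp_connect_starttls($host, $port, $caFile) {
    // Trust a self-signed server certificate by supplying it as the CA file
    // rather than switching verification off.
    $ctx = stream_context_create(['ssl' => [
        'verify_peer' => true, 'verify_peer_name' => true,
        'peer_name'   => $host, 'cafile' => $caFile,
    ]]);
    $fp = stream_socket_client("tcp://$host:$port", $errno, $errstr, 30,
                               STREAM_CLIENT_CONNECT, $ctx);
    if ($fp === false) throw new RuntimeException("connect: $errstr ($errno)");

    list($code) = smtp_reply($fp);            // 220 greeting arrives unencrypted
    if ($code !== 220) throw new RuntimeException('unexpected greeting');
    list($code, $caps) = smtp_cmd($fp, 'EHLO client.example');
    // Fail closed: a missing STARTTLS line must not mean "continue in clear".
    if ($code !== 250 || !preg_grep('/^250[- ]STARTTLS\b/i', $caps)) {
        throw new RuntimeException('server does not offer STARTTLS');
    }
    list($code) = smtp_cmd($fp, 'STARTTLS');
    if ($code !== 220) throw new RuntimeException('STARTTLS refused');

    // The TLS handshake starts only here, on the socket that is already open.
    if (stream_socket_enable_crypto($fp, true, STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT) !== true) {
        throw new RuntimeException('TLS handshake failed');
    }
    smtp_cmd($fp, 'EHLO client.example');     // re-read capabilities under TLS
    return $fp;
}
```

A `tls://host:port` connect string sends the TLS handshake as the very first bytes, so it belongs on a dedicated TLS port; against a port that answers with a clear-text `220` greeting the client reads that text as a TLS record and reports the wrong-version-number error (reason 267) quoted in the thread.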